Launchpad CVE tracker

CVE 2007-5626

make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.

Related bugs and status

CVE-2007-5626 (Candidate) is related to these bugs:

Bug #222558: password in bacula-fd.conf is not auto-generated

Summary				In	Importance	Status
	222558	password in bacula-fd.conf is not auto-generated		bacula (Ubuntu)	Medium	Fix Released

Bug #228693: [SRU] bacula-director-pgsql postinstall broken

		In	Importance	Status
228693	[SRU] bacula-director-pgsql postinstall broken	bacula (Ubuntu)	Medium	Fix Released
228693	[SRU] bacula-director-pgsql postinstall broken	bacula (Ubuntu Hardy)	Medium	Fix Released
228693	[SRU] bacula-director-pgsql postinstall broken	bacula (Ubuntu Intrepid)	Medium	Fix Released

Bug #286643: bacula client configuration is broken out of the box

Summary				In	Importance	Status
	286643	bacula client configuration is broken out of the box		bacula (Ubuntu)	High	Fix Released

Bug #293515: bacula-director-mysql installed and started before mysql-server

Summary				In	Importance	Status
	293515	bacula-director-mysql installed and started before mysql-server		bacula (Ubuntu)	Medium	Fix Released

Bug #308903: The bacula-dir.conf file is not present when installing Bacula

Summary				In	Importance	Status
	308903	The bacula-dir.conf file is not present when installing Bacula		bacula (Ubuntu)	Undecided	Fix Released

Bug #314746: package bacula-console-qt does not install desktop entry

Summary				In	Importance	Status
	314746	package bacula-console-qt does not install desktop entry		bacula (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-5626

References